github-actions: clarify workflows permissions, set least possible privilege #9928

Closed
wants to merge 2 commits into from

diogoteles08 (Contributor)

Set top-level permissions to None on all workflows and then set per-job permissions, giving only the necessary ones. This prevents new jobs from inheriting unwanted privileges.

Previously, most of the workflows did not have written permissions, so their permissions depended on the permission set as default in the GitHub repo settings.

Discussion: https://curl.se/mail/lib-2022-11/0028.html
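
An added example, not part of the pull request or the curl repository: a small Python check that reports, for each job in a workflow file, whether its GITHUB_TOKEN permissions come from a job-level block, the top-level block, or the repository default setting. The sample workflow, the function name `token_source` and the line-scanning approach are assumptions made for this illustration.

```python
import re

# Constructed sample workflow for illustration (not a file from the curl repository).
SAMPLE = """\
name: example
on: [push]
permissions: {}
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
  report:
    runs-on: ubuntu-latest
    steps:
      - run: echo done
"""

KEY = re.compile(r"^( *)([\w-]+):\s*(.*)$")

def token_source(text):
    """Map each job to the source of its GITHUB_TOKEN permissions."""
    # Assumption: block-style YAML, consistent indentation (line scanner, not a YAML parser).
    top, jobs, in_jobs = None, {}, False
    job_indent = key_indent = current = None
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:
            continue  # blank lines, comments, list items
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:
            in_jobs = key == "jobs"
            if key == "permissions":
                top = value or "mapping"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent
            if indent == job_indent:      # a new job id
                current, key_indent = key, None
                jobs[current] = None
            elif current is not None:
                if key_indent is None:
                    key_indent = indent
                if indent == key_indent and key == "permissions":
                    jobs[current] = "job-level"
    fallback = "repository default" if top is None else "top-level: " + top
    return {job: src or fallback for job, src in jobs.items()}
```

With the top-level `permissions: {}` line present, the `report` job, which declares nothing itself, resolves to the empty top-level set; with that line removed it falls back to whatever the repository default grants.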

…vilege

Set top-level permissions to None on all workflows, setting per-job
permissions. This avoids that new jobs inherit unwanted permissions.

Discussion: https://curl.se/mail/lib-2022-11/0028.html

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
bagder added the CI Continuous Integration label Nov 16, 2022
Exchange order of two instructions in a workflow to keep the same sequence
as in the other workflows.

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
bagder requested a review from mback2k November 28, 2022 08:12

bagder (Member) commented Dec 2, 2022

@cmeister2 @mback2k any objections to me merging this?

mback2k (Member) approved these changes Dec 2, 2022

LGTM

bagder (Member) commented Dec 2, 2022

Thanks!

bagder closed this in a2f5a4c Dec 2, 2022